Top 5 WFH Cyber Risks and how to mitigate them  

The world is changing. The way we work, the way our businesses operate and how they interact with one-another, are all evolving at a rapid pace. As technology continues to advance, cyber threats are becoming increasingly prevalent and can impact our organization’s ability to function effectively.

With the digital economy, cybersecurity has become an integral part of every aspect of modern life – especially at the workplace. From mobile devices and cloud-based applications to social media platforms and online shopping portals, it seems like most things that people use on a daily basis may be vulnerable to attacks. Moreover, if hackers gain access to these systems, they may steal sensitive data or even shut down the critical services of a business completely.

Here are five work-from-home (WFH) cyber risks that organizations face today:

• Phishing scams

• Weak passwords

• Unencrypted file sharing

• Unsecured home WIFI

• Working of personal devices.

Phishing scams: With the increase in companies implementing WFH measures for employees, global phishing scams have become more prevalent.

Best practices:

• Check sender address in digital correspondences

• Contact sender to verify if unsure

• Check the clues, such as grammar errors

• Create awareness of phishing and scams through training / newsletters.

Weak passwords: In many cases, hackers gain access to corporate networks through weak combinations of usernames and passwords that are easy to guess and exploit

Best practices:

• Use a strong, difficult-to-guess password

• Use a password manager

• Do not share/expose passwords

• Always use multi-factor authentication where possible.

Unencrypted file sharing: Data security nightmares can occur if files are shared without encryption.

Best practices:

• Password-protect files and folders before sharing

• Use separate modes of communication to send the encrypted file/folder and password

• Use existing secure mail functions available in email systems (Gmail/Outlook).

Unsecured home WI-FI: There may be a risk as home WI-FI may have security gaps that hackers can exploit.

Best practices:

• Check WI-FI encryption settings

• Use a strong, difficult-to-guess password

• Share WI-FI access using QR-codes

• Disable the WI-FI Protected Setup (WPS) feature

• Update your router’s firmware.

Working on personal devices: Employees may choose to use their own personal devices for work purposes, and the organization should factor that in as a risk.

Best practices:

• Ensure that personal devices are password-protected

• Ensure that the storage of these devices are encrypted

• Create a non-admin profile for shared use by family members.

How can an organization’s Data Protection Officer (DPO) help mitigate these risks?

The organization must ensure that there is a plan to address these WFH Cyber risks head-on. It is vital to implement new policies and procedures, train staff members in best practices and create a plan to monitor employee behavior. The organization can consider focusing on the following three key areas:

Employee training:

• Empower employees with the knowledge to identify phishing emails

• Teach the dos and don’ts of WFH

WFH policy:

• Develop, implement and communicate the WFH policy

• Create a Ca;; Tree to facilitate notification during incident handling

• Ensure staff perform regular software updates

Infosecurity policy:

• Ensure that there is an escalation process (regulators, DPO and management) that is communicated to employees

• Set up a standard operating procedure (SOP) for the loss of a personal device that has been used for work purposes.

In conclusion: as a result of repeated breaches in the new normal of dispersed WHF workforces, cybersecurity and data protection are now in the spotlight. In order to mitigate cyber risks, it is imperative that data protection offices work closely with IT departments to monitor, operationalize and communicate new and best practices to all employees. We are in stand-by to assist you through training and through the provision of security software for DPOs and other security officers. Contact me at [email protected]